CISO Radar: what to expect in 2025?

In terms of existing technologies, it may be wise to analyze your current setup to identify any overlaps. As tools are frequently updated, new features can cover areas previously managed by other dedicated solutions. Instead of multiplying distinct tools, which can be costly and complex, aim for a deliberate reduction by focusing on a few unified platforms. Some of our clients, who had between 40 and 80 cybersecurity solutions, now target around 10 tools based on 2 or 3 major platforms. Identity and Access Management (IAM) is often a priority, and infrastructure security can also benefit. Remain vigilant, however, about the gaps between vendor promises and reality, as well as the risk of dependency on a single provider, as illustrated by the CrowdStrike incident this summer.

Cybersecurity is increasingly crucial for earning the trust of customers and partners and securing market opportunities and can even generate new offers. CISOs must therefore master the business, understand customer journeys, and collaborate with business teams. In the long run, cybersecurity can transition from a cost center to a profit center, often requiring the mobility of business profiles to bring a marketing and commercial dimension. This approach is very effective in contexts where the organization builds and markets digital offerings or products (industry, healthcare, automotive, transport, etc.).

As many organizations reach a period of renewal for their Security Operation Center (SOC), it is essential to maintain or even enhance its effectiveness, despite an ever-expanding and increasingly heterogeneous scope. Several key areas of focus are emerging:

• Optimizing the SOC: automation (via traditional SOAR tools or new AI-powered products) promises to accelerate processes and facilitate analysts’ work. While the results are promising, achieving this requires significant foundational efforts. “Shift-left” as well as specialized decentralized tools (as opposed to legacy centralized monolithic SIEM) and teams are seen as levers enabling to scale up and structurally optimize the SOC.
• Rethinking the technology stack: numerous SOC overhaul projects are currently in the planning phase. These projects often lead to strategic decisions: discontinuing SIEM? Focusing on XDR? Migrating to the cloud? Implementing “detection as code” to streamline the automated addition and removal of detection rules? Depending on the needs (IT/OT/Product coverage, technological diversity) and existing tools (end-of-life products, acquired solutions, etc.), the directions being taken by clients vary significantly based on priorities such as managing heterogeneous environments and simplifying operations.
• Revisiting data management for real-time capabilities: beyond the usual collection of “cold” logs, creating a Security Data Hub can unify security events and consolidate relevant data sources, providing a more real-time view of the security posture. This transformative approach requires advanced “data” thinking to structure the data hub, but it offers short-term benefits in understanding exposure levels continuously and long-term advantages, particularly for integrating AI.

When the most advanced organizations master these three pillars, they will then be able to move toward Continuous Threat Exposure Management. Combining multiple tools and methodologies (Attack Path Management, Extended Attack Surface Management, Breach & Attack Simulation), this approach enables organizations to prioritize their detection and remediation efforts based on the most probable and critical intrusion scenarios, relevant to their specific context.

Data protection is a major challenge for organizations, as they manage a multitude of critical data necessary for their proper functioning. Knowing how to monitor the security level of this data has long been a thorny issue. Solutions have emerged over the years to address this challenge (data encryption, auto-discovery, real-time anomaly detection, etc.), but none have provided a perfect answer.

Today, thanks to artificial intelligence, new tools seem to be emerging to offer an effective solution. 2025 could be an opportunity for CISOs to seize the new opportunities offered by AI to enhance the functionalities of the two main categories of tools:

• DSP (Data Security Platforms) aim to provide comprehensive data protection, including threat detection, access management, and regulatory compliance. They are gradually integrating AI features to enhance their services.
• DSPM (Data Security Posture Management) could also benefit from the integration of AI. Various types of DSPM exist, each addressing specific needs, particularly regarding adaptation to Cloud environments. These tools centralize data security management, offering an overview and tools to monitor and strengthen data security management. The addition of AI could facilitate the correlation between different data sets, suggest appropriate posture adjustments, and maintain continuous risk analysis and trend monitoring, especially through improved auto-discovery tools.

To ensure you have the most suitable tools for your needs, take advantage of the new year to:

• Ensure that the data owners within your organization are clearly identified.
• Analyze how you currently secure your data.
• Identify the challenges you face and the features you would like to have to address them.
• Define the environments in which your information system is present and interacts, and the resources that are and will be allocated for data security management.
• Keep a close watch on existing solutions and choose those that best meet your needs.

The scope is expanding…, and so is the volume of vulnerabilities! Many organizations are dealing with growing backlogs of unaddressed vulnerabilities affecting all components, including operating systems, middleware, applications, and network equipment. Recent cyber incidents highlight that exploiting these vulnerabilities is a favored tactic for attackers. To scale and industrialize our response, adopting a Vulnerability Operation Center (VOC) approach is essential.

The two objectives of the VOC are to enable automation and efficiency gains. The VOC acts as an orchestrator for vulnerability management by combining:

• Governance with a clear organization of tasks and responsibilities (regarding which vulnerabilities to remediate, which areas to monitor, etc.).
• A platform that centralizes vulnerabilities detected by all types of tools (SAST, DAST, IAT) to streamline and prioritize remediation.

The VOC is the art of harmonizing: we set up a conductor to control vulnerability management by reconciling a wide variety of sources and bringing together multiple teams. The deployment of this type of structure for many clients shows positive results, allowing for clearer responsibilities and significantly reducing critical vulnerabilities.

2024 has shown that AI is becoming an increasingly essential tool for businesses, and it seems unrealistic to do without it. Therefore, it is crucial to secure it.

For now, most of the use cases we have observed are fairly straightforward, even if some are critical, and organizations have been quick to grasp them by deploying, at the very least, appropriate governance and basic security measures. However, with the rise of “agentic” AI, capable of executing tasks or making decisions, the risks will increase and diversify. It will then be necessary to adopt more complex and AI-specific approaches, with a precise understanding of your profile:

• Are you simply a user of AI systems provided by third parties? In this case, focus on managing and assessing the risks associated with these third-party AI model/system providers, as well as on raising awareness and controlling your users.
• Do you develop applications that integrate AI models provided by third parties? You must then secure the platform hosting the AI, ensure data protection, and perform checks on the entire solution.
• Are you yourself a creator and operator of AI models (or even a provider for others)? Integrate security throughout the development cycle and plan for extensive testing (AI red teaming). Ensure you can detect and respond to incidents, particularly in the face of potential malicious prompts for generative AI.

These essential steps for cybersecurity are part of the broader approach to trustworthy AI, focusing on lawful, ethical, and robust AI systems aligned with frameworks like the NIST AI Risk Management Framework or the European AI Act. This involves governance that fosters dialogue among all organizational stakeholders (cybersecurity, data science, legal, business, etc.), tailored processes, appropriate tools (charters, risk assessment methodologies, etc.), and controls (audits, red teaming, etc.).

Increased awareness and new regulations (e.g. Cyber Resilience Act) are making consumers of digital products (both professional and personal) more demanding regarding their security. Some of our clients have already understood this.

The main challenge lies in bringing together dispersed expertise (product managers, developers, business units, marketing, support, compliance, etc.). It involves identifying your digital products and creating an integrated sector to consolidate skills and simplify security integration. Some organizations have established a Product Security Office, usually attached to the CISO, which ensures regulatory compliance and a minimum level of security. In the long run, this setup can demonstrate the value of cybersecurity and make it a differentiating factor. To get started:

• Assess the security of your digital products (including software solutions) and the measures in place, comparing them with regulations and customer expectations.
• Identify stakeholders in the product lifecycle, their current roles, and actions to be strengthened. Assign them a security point of contact.
• Establish dedicated governance, initially in the form of a task force, then evolve it into an integrated approach with specific processes, especially for regulatory compliance.

Cyber sectors have already addressed AI security, although much remains to be done in an ever-evolving context. After this initial phase, it is time in 2025 to see how the CISO can leverage AI to enhance their own activities. Today, the market is still being structured, but some use cases are beginning to reach maturity. We can identify:

• Facilitating communication (awareness campaigns, access to security documentation, “CISO GPT” to answer complex questions).
• Accelerating certain processes (pre-analysis of your suppliers’ responses to security questionnaires).

Other, more distant use cases also deserve your attention:

• Data protection: recommending classification levels based on nature and context, for instance.
• Detection & response: AI assistants for the SOC, automated log searches, dynamic updating of detection rules.

The priority, however, is on combating the rise of deepfakes (particularly their use in CEO fraud). AI will likely be key to achieving the necessary responsiveness, and innovative solutions are already beginning to emerge.

For now, maintain close monitoring and evaluate the productivity and efficiency gains that AI can bring you. In a context where resource optimization is crucial, AI could prove to be a valuable ally. Many AI-based products are expected to appear in 2025: identify relevant use cases now to stay proactive and effective.

A key topic in IT security, cyber resilience is also crucial for the OT world. The Critical Entities Resilience Directive in Europe will soon require industrial players to integrate this topic into their roadmap. Fortunately, resilience is already well-known in the industry, with existing processes often adaptable to cyber: redundancy, incident communication, business continuity plans, and local degraded processes.

However, this analysis is often done at the scale of a site or a production line, without an end-to-end vision. The worst-case scenario considered is local and not a global industrial IT failure following a cyber attack.

Moreover, industrial IT architectures, although segmented, often lack isolation, detection, and, most importantly, rapid reconstruction capabilities! To address these scenarios, response formats and modes need to be adapted: dedicated and isolated crisis management PCs, adjusted reflex sheets, and recovery tests that include this end-to-end vision.

The industrial world is well-acquainted with resilience, and IT departments have been working on it for a long time: fully bring these two worlds together to make your OT infrastructure completely resilient!

Most estimates suggest that a quantum computer capable of breaking RSA encryption will emerge between 2030 and 2040. Authorities and standardization bodies have already acted: NIST published the first post-quantum encryption standards this summer, and at the end of November 18 European security agencies recommended making it a major priority. In Australia, obsolescence dates for RSA and ECC as we know them have even been set for 2030.

Why such a hurry?

• We must prepare for a long migration, covering a wide scope (infrastructure, suppliers, products…), which can span several years.
• For certain sensitive areas, malicious actors could “harvest now and decrypt later” when quantum computers become operational.

As of 2025, anticipate:

• Raise awareness among business units and executive committees, as this project remains largely invisible outside IT teams but will require financial support.
• Define your strategy by identifying the data to be protected as a priority (especially those with long confidentiality periods or highly exposed). Conduct a quick inventory of your trust systems (PKI, HSM, CLM…) to assess the migration effort and meet future regulatory requirements.
• Clarify governance (cyber team? IT team?) and appoint a strong leader to oversee the project over several years.
• Integrate post-quantum compliance requirements (PQC) into your cyber clauses, either now or through updates within three years. For those most affected, launch POCs.
• Add this transition to your obsolescence roadmaps to benefit from existing processes.
• Embed all these actions in a “crypto agility” logic, as post-quantum algorithms are still young and may require several future migrations.

Disinformation is a major societal issue that large organizations are subjected to and sometimes find themselves powerless against. Without replacing communication teams or ensuring continuous monitoring of social networks, the CISO can nevertheless contribute in the case of a confirmed disinformation campaign: analysis methodologies, investigations, processing data from incident response… Their technical expertise can thus enhance the organization’s credibility and showcase the teams’ know-how. Beyond combating fraud, managing disinformation could therefore become an additional skill for the CISO, especially in the most mature and exposed areas.